1 files changed, 95 insertions, 33 deletions

diff --git a/recipes-containers/skopeo/files/storage.conf b/recipes-containers/skopeo/files/storage.conf
index 818cfe8f..722750c0 100644
--- a/recipes-containers/skopeo/files/storage.conf
+++ b/recipes-containers/skopeo/files/storage.conf
@@ -4,15 +4,19 @@
 # The "container storage" table contains all of the server options.
 [storage]
 
-# Default Storage Driver
+# Default Storage Driver, Must be set for proper operation.
 driver = "overlay"
 
 # Temporary storage location
-runroot = "/var/run/containers/storage"
+runroot = "/run/containers/storage"
 
 # Primary Read/Write location of container storage
 graphroot = "/var/lib/containers/storage"
 
+# Storage path for rootless users
+#
+# rootless_storage_path = "$HOME/.local/share/containers/storage"
+
 [storage.options]
 # Storage options to be passed to underlying storage drivers
 
@@ -21,40 +25,98 @@ graphroot = "/var/lib/containers/storage"
 additionalimagestores = [
 ]
 
-# Size is used to set a maximum size of the container image.  Only supported by
-# certain container storage drivers.
-size = ""
-
-# Path to an helper program to use for mounting the file system instead of mounting it
-# directly.
-#mount_program = "/usr/bin/fuse-overlayfs"
-
-# OverrideKernelCheck tells the driver to ignore kernel checks based on kernel version
-override_kernel_check = "true"
-
-# mountopt specifies comma separated list of extra mount options
-mountopt = "nodev"
-
 # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
-# a container, to UIDs/GIDs as they should appear outside of the container, and
-# the length of the range of UIDs/GIDs.  Additional mapped sets can be listed
-# and will be heeded by libraries, but there are limits to the number of
+# a container, to the UIDs/GIDs as they should appear outside of the container,
+# and the length of the range of UIDs/GIDs.  Additional mapped sets can be
+# listed and will be heeded by libraries, but there are limits to the number of
 # mappings which the kernel will allow when you later attempt to run a
 # container.
 #
 # remap-uids = 0:1668442479:65536
 # remap-gids = 0:1668442479:65536
 
-# Remap-User/Group is a name which can be used to look up one or more UID/GID
+# Remap-User/Group is a user name which can be used to look up one or more UID/GID
 # ranges in the /etc/subuid or /etc/subgid file.  Mappings are set up starting
-# with an in-container ID of 0 and the a host-level ID taken from the lowest
+# with an in-container ID of 0 and then a host-level ID taken from the lowest
 # range that matches the specified name, and using the length of that range.
 # Additional ranges are then assigned, using the ranges which specify the
-# lowest host-level IDs first, to the lowest not-yet-mapped container-level ID,
+# lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
 # until all of the entries have been used for maps.
 #
-# remap-user = "storage"
-# remap-group = "storage"
+# remap-user = "containers"
+# remap-group = "containers"
+
+# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
+# ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partitioned
+# to containers configured to create automatically a user namespace.  Containers
+# configured to automatically create a user namespace can still overlap with containers
+# having an explicit mapping set.
+# This setting is ignored when running as rootless.
+# root-auto-userns-user = "storage"
+#
+# Auto-userns-min-size is the minimum size for a user namespace created automatically.
+# auto-userns-min-size=1024
+#
+# Auto-userns-max-size is the minimum size for a user namespace created automatically.
+# auto-userns-max-size=65536
+
+[storage.options.overlay]
+# ignore_chown_errors can be set to allow a non privileged user running with
+# a single UID within a user namespace to run containers. The user can pull
+# and use any image even those with multiple uids.  Note multiple UIDs will be
+# squashed down to the default uid in the container.  These images will have no
+# separation between the users in the container. Only supported for the overlay
+# and vfs drivers.
+#ignore_chown_errors = "false"
+
+# Inodes is used to set a maximum inodes of the container image.
+# inodes = ""
+
+# Path to an helper program to use for mounting the file system instead of mounting it
+# directly.
+#mount_program = "/usr/bin/fuse-overlayfs"
+
+# mountopt specifies comma separated list of extra mount options
+mountopt = "nodev"
+
+# Set to skip a PRIVATE bind mount on the storage home directory.
+# skip_mount_home = "false"
+
+# Size is used to set a maximum size of the container image.
+# size = ""
+
+# ForceMask specifies the permissions mask that is used for new files and
+# directories.
+#
+# The values "shared" and "private" are accepted.
+# Octal permission masks are also accepted.
+#
+#  "": No value specified.
+#     All files/directories, get set with the permissions identified within the
+#     image.
+#  "private": it is equivalent to 0700.
+#     All files/directories get set with 0700 permissions.  The owner has rwx
+#     access to the files. No other users on the system can access the files.
+#     This setting could be used with networked based homedirs.
+#  "shared": it is equivalent to 0755.
+#     The owner has rwx access to the files and everyone else can read, access
+#     and execute them. This setting is useful for sharing containers storage
+#     with other users.  For instance have a storage owned by root but shared
+#     to rootless users as an additional store.
+#     NOTE:  All files within the image are made readable and executable by any
+#     user on the system. Even /etc/shadow within your image is now readable by
+#     any user.
+#
+#   OCTAL: Users can experiment with other OCTAL Permissions.
+#
+#  Note: The force_mask Flag is an experimental feature, it could change in the
+#  future.  When "force_mask" is set the original permission mask is stored in
+#  the "user.containers.override_stat" xattr and the "mount_program" option must
+#  be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
+#  extended attribute permissions to processes within containers rather then the
+#  "force_mask"  permissions.
+#
+# force_mask = ""
 
 [storage.options.thinpool]
 # Storage Options for thinpool
@@ -102,12 +164,19 @@ mountopt = "nodev"
 # Value 0% disables
 # min_free_space = "10%"
 
-# mkfsarg specifies extra mkfs arguments to be used when creating the base.
+# mkfsarg specifies extra mkfs arguments to be used when creating the base
 # device.
 # mkfsarg = ""
 
+# metadata_size is used to set the `pvcreate --metadatasize` options when
+# creating thin devices. Default is 128k
+# metadata_size = ""
+
+# Size is used to set a maximum size of the container image.
+# size = ""
+
 # use_deferred_removal marks devicemapper block device for deferred removal.
-# If the thinpool is in use when the driver attempts to remove it, the driver 
+# If the thinpool is in use when the driver attempts to remove it, the driver
 # tells the kernel to remove it as soon as possible. Note this does not free
 # up the disk space, use deferred deletion to fully remove the thinpool.
 # use_deferred_removal = "True"
@@ -124,10 +193,3 @@ mountopt = "nodev"
 # attempt to complete IO when ENOSPC (no space) error is returned by
 # underlying storage device.
 # xfs_nospace_max_retries = "0"
-
-# If specified, use OSTree to deduplicate files with the overlay backend
-ostree_repo = ""
-
-# Set to skip a PRIVATE bind mount on the storage home directory.  Only supported by
-# certain container storage drivers
-skip_mount_home = "false"